feat(auth): prune crypto provider dependencies #4220
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #4220 +/- ##
==========================================
- Coverage 94.80% 94.78% -0.02%
==========================================
Files 187 187
Lines 7194 7193 -1
==========================================
- Hits 6820 6818 -2
- Misses 374 375 +1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
coryan
force-pushed
the
feat-auth-prune-crypto-providers
branch
6 times, most recently
from
14d3a42 to
96615c2
Compare
With the default features enabled `google-cloud-auth` selects a crypto provider automatically. Note that whatever features are enabled, the applications can always override the crypto provider. This change partially prunes the default provider from the dependency tree. The default provider is `ring` and this is still used for certificate verification via dependencies on `webpki-roots`. With this change, it is possible to compile `google-cloud-auth` without linking the default crypto provider for rustls. If the library is compiled without a default crypto provider, applications **must** configure the provider using `rustls::CryptoProvider::install_default()`. Note that most other `google-cloud-*` crates enable the default crypto provider. Future PRs will add a similar `default-tls` feature to all downstream crates. This feature will be enabled by default, but if disabled the downstream crates will not require a provider from `google-cloud-auth` either.
coryan
force-pushed
the
feat-auth-prune-crypto-providers
branch
from
e1cc73a to
3097c48
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
With the default features enabled
google-cloud-authselects a cryptoprovider automatically. Note that whatever features are enabled, the
applications can always override the crypto provider, but before this
change it was impossible to prune the default provider from the
dependency tree.
With this change, it is possible to compile
google-cloud-authwithoutlinking the default crypto provider for rustls. If the library is
compiled without a default crypto provider, applications must
configure the provider using
rustls::CryptoProvider::install_default().Note that most other
google-cloud-*crates enable the default cryptoprovider. Future PRs will add a similar
default-tlsfeature to alldownstream crates. This feature will be enabled by default, but if
disabled the downstream crates will not require a provider from
google-cloud-autheither.Part of the work for #4170